|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69707 Crypt outputs different hash depending on PHP version
Submitted: 2015-05-25 20:01 UTC Modified: 2015-05-25 21:40 UTC
From: jdavis at outlook dot com Assigned:
Status: Not a bug Package: hash related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: jdavis at outlook dot com
New email:
PHP Version: OS:


 [2015-05-25 20:01 UTC] jdavis at outlook dot com
Using the crypt function, identical code will result in an output that will vary depending on the PHP version.

Test script:

$salt = "KFtIFW1vulG5nUH3a0Mv";
$password = "testtest";

$key = '$2y$07$';
$key = $key.$salt."$"; 

echo crypt($password, $key);


Expected result:
I expect the result to be the same for every version, as this function can be used for login/passwords and updating PHP can result in an unusable login.

Actual result:
An example can be seen here:

-Output for 5.3.7 - 5.4.41, 5.5.21 - 5.5.25, 5.6.5 - 5.6.9:

-Output for 5.5.0 - 5.5.20, 5.6.0 - 5.6.4:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-25 20:12 UTC] jdavis at outlook dot com
-Status: Open +Status: Closed
 [2015-05-25 20:12 UTC] jdavis at outlook dot com
The salt is 2 characters too short, this is causing the unexpected output.
 [2015-05-25 21:40 UTC]
-Status: Closed +Status: Not a bug
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Dec 10 06:05:52 2022 UTC